IT security is changing: if the SIEM is dead, what’s next?

By eeNews Europe

No company or government wants to be in headlines due to lax security practices. The severe financial and reputational implications are making cyber security a board-level concern.

Companies are increasingly turning to managed security service providers (MSSPs) to bring added manpower and expertise to the problem. Traditional security point solutions such as Security Information and Event Management (SIEM) systems have failed to provide adequate breach detection. If you doubt this, ask yourself: when was the last time your SIEM provided truly useful intelligence?

When we say ‘useful’, we mean more than a simple log event from an antivirus server. What about an actual cyber-threat facing your business? Chief Information Security Officers (CISOs) need to think like detectives on the lookout for cyber criminals threatening the enterprise.

If you are still struggling to recollect a useful incident notification, it is safe to assume that your SIEM is not meeting your business requirements. This is likely because most SIEM systems deliver such a high volume of notifications that information overload makes it challenging for IT staff to identify what is a real threat and what is not.

This is not an isolated issue; it affects IT security teams of all sizes. So much noise is generated that it becomes virtually impossible to follow up on legitimate threats. Scale also has an impact: even a decent-sized team of experienced security professionals lacks the time to manually analyze the terabytes of log data generated on a global network.

Finding an answer

So what are the alternative options? Thankfully for under-pressure CISOs, a number of managed security service providers have begun to change how IT security is implemented with a multi-layered approach to solution design and delivery.

At the forefront of this shift is machine learning, the next generation of artificial intelligence that employs complex algorithms, big data analysis and behavioral profiling for the entire network. Systems such as these are capable of spotting anomalous behavior over time by leveraging the masses of data added to the system each day. The breadth and speed of the analysis enables the organization to react to threats far earlier than traditional security solutions.

This is not to suggest that security specialists no longer have a role to play in the security operations center (SOC). In fact, the ideal situation is the reverse, as the most effective security solutions combine data, analytical capabilities and human intelligence for maximum impact and protection. Certified security experts are needed to investigate network abnormalities, block data exfiltration and deliver actionable intelligence; however, this expertise no longer needs to be kept in-house.

Managed security service providers offer deep subject matter expertise and 24×7 monitoring to provide a vastly greater level of protection and intelligence than an internal IT team can on its own. Furthermore, providers can deliver detailed remediation guidance to help the business stop cyber criminals in their tracks. Once a breach has been identified and contained, the internal team can return to its strategic objectives.

The SIEM has served its purpose, but the threat landscape is too sophisticated for any one security application to handle. Enterprises have the option of augmenting their existing systems and internal security experts with third-party services that provide an added layer of defense with advanced analytics, continuous monitoring and human expertise. With data breaches expected to become even more prevalent, now is the time to assess your security strategy before your company becomes an unfortunate target.

About the author:

Tim Bury is Managing Director EMEA at Masergy Communications –
